[Python-checkins] bpo-35941: Fix performance regression in SSL certificate code (GH-12610)
Steve Dower
webhook-mailer at python.org
Tue Sep 10 04:47:00 EDT 2019
https://github.com/python/cpython/commit/b4fb2c29f34c322855ab6be72b491930cf508f64
commit: b4fb2c29f34c322855ab6be72b491930cf508f64
branch: 3.7
author: Steve Dower <steve.dower at python.org>
committer: GitHub <noreply at github.com>
date: 2019-09-10T01:46:40-07:00
summary:
bpo-35941: Fix performance regression in SSL certificate code (GH-12610)
Accumulate certificates in a set instead of doing a costly list contain
operation. A Windows cert store can easily contain over hundred
certificates. The old code would result in way over 5,000 comparison
operations
Signed-off-by: Christian Heimes <christian at python.org>
files:
M Lib/test/test_ssl.py
M Modules/_ssl.c
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 4a61711f0ee6..04ede28ab7c0 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -849,8 +849,8 @@ def test_enum_certificates(self):
cert, enc, trust = element
self.assertIsInstance(cert, bytes)
self.assertIn(enc, {"x509_asn", "pkcs_7_asn"})
- self.assertIsInstance(trust, (set, bool))
- if isinstance(trust, set):
+ self.assertIsInstance(trust, (frozenset, set, bool))
+ if isinstance(trust, (frozenset, set)):
trust_oids.update(trust)
serverAuth = "1.3.6.1.5.5.7.3.1"
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 91820fe9529d..a94dbbaec849 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -5384,7 +5384,7 @@ parseKeyUsage(PCCERT_CONTEXT pCertCtx, DWORD flags)
}
return PyErr_SetFromWindowsErr(error);
}
- retval = PySet_New(NULL);
+ retval = PyFrozenSet_New(NULL);
if (retval == NULL) {
goto error;
}
@@ -5459,20 +5459,6 @@ ssl_collect_certificates(const char *store_name)
return hCollectionStore;
}
-/* code from Objects/listobject.c */
-
-static int
-list_contains(PyListObject *a, PyObject *el)
-{
- Py_ssize_t i;
- int cmp;
-
- for (i = 0, cmp = 0 ; cmp == 0 && i < Py_SIZE(a); ++i)
- cmp = PyObject_RichCompareBool(el, PyList_GET_ITEM(a, i),
- Py_EQ);
- return cmp;
-}
-
/*[clinic input]
_ssl.enum_certificates
store_name: str
@@ -5495,7 +5481,7 @@ _ssl_enum_certificates_impl(PyObject *module, const char *store_name)
PyObject *keyusage = NULL, *cert = NULL, *enc = NULL, *tup = NULL;
PyObject *result = NULL;
- result = PyList_New(0);
+ result = PySet_New(NULL);
if (result == NULL) {
return NULL;
}
@@ -5535,11 +5521,10 @@ _ssl_enum_certificates_impl(PyObject *module, const char *store_name)
enc = NULL;
PyTuple_SET_ITEM(tup, 2, keyusage);
keyusage = NULL;
- if (!list_contains((PyListObject*)result, tup)) {
- if (PyList_Append(result, tup) < 0) {
- Py_CLEAR(result);
- break;
- }
+ if (PySet_Add(result, tup) == -1) {
+ Py_CLEAR(result);
+ Py_CLEAR(tup);
+ break;
}
Py_CLEAR(tup);
}
@@ -5563,7 +5548,14 @@ _ssl_enum_certificates_impl(PyObject *module, const char *store_name)
return PyErr_SetFromWindowsErr(GetLastError());
}
- return result;
+ /* convert set to list */
+ if (result == NULL) {
+ return NULL;
+ } else {
+ PyObject *lst = PySequence_List(result);
+ Py_DECREF(result);
+ return lst;
+ }
}
/*[clinic input]
@@ -5587,7 +5579,7 @@ _ssl_enum_crls_impl(PyObject *module, const char *store_name)
PyObject *crl = NULL, *enc = NULL, *tup = NULL;
PyObject *result = NULL;
- result = PyList_New(0);
+ result = PySet_New(NULL);
if (result == NULL) {
return NULL;
}
@@ -5617,11 +5609,10 @@ _ssl_enum_crls_impl(PyObject *module, const char *store_name)
PyTuple_SET_ITEM(tup, 1, enc);
enc = NULL;
- if (!list_contains((PyListObject*)result, tup)) {
- if (PyList_Append(result, tup) < 0) {
- Py_CLEAR(result);
- break;
- }
+ if (PySet_Add(result, tup) == -1) {
+ Py_CLEAR(result);
+ Py_CLEAR(tup);
+ break;
}
Py_CLEAR(tup);
}
@@ -5643,7 +5634,14 @@ _ssl_enum_crls_impl(PyObject *module, const char *store_name)
Py_XDECREF(result);
return PyErr_SetFromWindowsErr(GetLastError());
}
- return result;
+ /* convert set to list */
+ if (result == NULL) {
+ return NULL;
+ } else {
+ PyObject *lst = PySequence_List(result);
+ Py_DECREF(result);
+ return lst;
+ }
}
#endif /* _MSC_VER */
More information about the Python-checkins
mailing list